kazko's Journal
WARNING: DNS Hijack Trojan and other recent exploits

Jan 26, 2009

There are a lot of new exploits out there, and one in particular is causing havoc. It got me just last night. It is called a DNS Hijacker or DNS Changer. The trojan installs simply from your visiting a malicious web site (a drive-by download), nothing more. I was browsing web administrator sites and blogs last night and got infected.

Once installed, it replaces your DNS server settings with the address of a server under the attacker's control. Every name lookup your machine makes then goes to that rogue server, which can answer with whatever address it likes, so a request for a legitimate site can be steered to a fake copy of it or through an attacker-controlled proxy that sits between you and the real site. That man-in-the-middle position is used to collect your passwords and whatever else you type, and to inject a ton of extra popup ads into pages. So if you suddenly get a lot of popups, you are probably infected. That is how I realized I was infected: all of my old sites suddenly had popups, including sugarglider.com, and my browsing became slower too, as it had to wait for the proxy DNS server to process. From what I have seen, odds are that most of you reading this are infected with at least some adware and maybe something worse like this.

What can you do?

First, check whether you have the DNS hijack. Open a command prompt and type ipconfig /all. Find the "DNS Servers" line under each network adapter and compare the addresses with what they should be. I didn't write mine down, but I believe the malicious ones on my system began with 238.xxx.xxx.xxx. As an Internet user, you should know what your DNS servers are supposed to be for your ISP: normally the ISP's resolvers, or your home router's own address if the router relays DNS for you. Odds are they are assigned automatically over DHCP rather than set manually, which is good; netsh interface ip show dns tells you which of the two applies to each adapter.

There are a lot of tools out there for searching and cleaning your system. There are almost none that I trust. If you are surfing and a popup ad tells you that you are infected with something, it is just an ad and it is a lie: they WANT you to click on it so it can load their trojan crud, so never, ever do that.

One tool that I trust is called Malwarebytes Anti-Malware. I recommend that you download it, install it, update its definitions, and then run a scan on your machine.

After it detects and cleans off the 200+ things that most of you are probably infected with, you need to check the DNS settings on your machine again and make sure that they are what they are supposed to be. The program removes the trojan, but it does not restore the DNS entries the trojan changed; you have to fix those yourself. Most of you should be set to obtain DNS servers automatically via DHCP, which is the "Obtain DNS server address automatically" option in the TCP/IP properties of your network connection.

After all of this, reboot, press F8 during startup, choose Safe Mode (WITHOUT networking), and run the scan again. It may take much longer this time, so do it at night or when you will be away. In safe mode fewer things are running, so malware that normally loads at startup is not there to protect itself and the scanner can remove more of what it finds.
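The DNS check from the first and fourth steps above, as an added example that is not part of the original post: a Python script that parses the text of ipconfig /all, compares each adapter's DNS servers against a list of resolvers you expect to see, and for every adapter that fails prints the netsh command that puts it back on DHCP-assigned DNS. The expected-resolver list and the embedded ipconfig output are constructed placeholders (the 203.0.113.x and 192.168.1.x addresses are documentation and private ranges, not real rogue servers); on the Windows machine itself, run it with --live to read the real ipconfig output instead. The script changes nothing on its own.

```python
import re
import subprocess
import sys
from ipaddress import ip_address

# Resolvers you expect to see on this machine. Placeholder assumption:
# a home router at 192.168.1.1 that hands out DNS over DHCP. Replace it
# with your ISP's resolvers or whatever your router actually gives you.
EXPECTED_DNS = {"192.168.1.1"}

# Constructed sample of `ipconfig /all` output, not captured from a real
# machine. The first adapter's DNS servers have been overwritten with
# addresses outside the expected set; the second adapter is clean.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : workstation

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.5
                                       203.0.113.6
   Lease Obtained. . . . . . . . . . : Monday, January 26, 2009 8:02:11 AM

Ethernet adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.11
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

ADAPTER_RE = re.compile(r"^(\S.*):\s*$")                              # "Ethernet adapter X:"
KEY_RE = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 -]*?)[ .]+: ?(.*)$")   # "   Key . . . : value"
CONT_RE = re.compile(r"^\s+(\S+)\s*$")                                # second value on its own line


def _is_ip(text):
    try:
        ip_address(text)
        return True
    except ValueError:
        return False


def parse_dns_servers(text):
    """Map each adapter name to the list of DNS servers ipconfig shows for it."""
    servers = {}
    adapter = None
    collecting = False  # True while reading continuation lines of "DNS Servers"
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            # "Ethernet adapter Local Area Connection" -> "Local Area Connection"
            adapter = re.sub(r"^.*? adapter ", "", m.group(1), count=1)
            servers[adapter] = []
            collecting = False
            continue
        m = KEY_RE.match(line)
        if m:
            key, value = m.group(1).strip(), m.group(2).strip()
            collecting = key == "DNS Servers"
            if collecting and adapter is not None and _is_ip(value):
                servers[adapter].append(value)
            continue
        m = CONT_RE.match(line)
        if collecting and m and adapter is not None and _is_ip(m.group(1)):
            servers[adapter].append(m.group(1))
        else:
            collecting = False
    return servers


def check_dns(servers, expected):
    """Return, per adapter, the DNS servers that are not in the expected set."""
    return {name: [s for s in lst if s not in expected]
            for name, lst in servers.items()
            if any(s not in expected for s in lst)}


def reset_to_dhcp_command(adapter):
    """The netsh command that makes an adapter take its DNS servers from DHCP again."""
    return 'netsh interface ip set dns name="%s" source=dhcp' % adapter


if __name__ == "__main__":
    if "--live" in sys.argv:  # on the Windows box itself
        output = subprocess.check_output(["ipconfig", "/all"], text=True, errors="replace")
    else:
        output = SAMPLE_IPCONFIG
    suspicious = check_dns(parse_dns_servers(output), EXPECTED_DNS)
    if not suspicious:
        print("DNS servers match the expected list on every adapter.")
    for adapter, bad in suspicious.items():
        print("%s: unexpected DNS servers %s" % (adapter, ", ".join(bad)))
        print("  to go back to DHCP-assigned DNS:", reset_to_dhcp_command(adapter))
```

Run it once before cleaning and once after the Malwarebytes scan; the second run is the check that the DNS entries really were put back, since the scanner itself will not do that for you.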

I have found that anti-virus software these days isn't managing to be useful anymore. McAfee, Norton, ... They all suck, seriously. It may well be worth paying the fee for the professional version of this program to get the real-time protection.
